Speakout Email Petitions
Monthly
Unauthenticated SQL injection in the SpeakOut! Email Petitions WordPress plugin (versions ≤ 4.6.5) allows remote attackers to inject arbitrary SQL into backend database queries without credentials or user interaction. Reported by Patchstack and tracked as EUVD-2026-36960, the flaw carries a CVSS 3.1 score of 9.3 driven by a changed scope and network-reachable attack surface. No public exploit identified at time of analysis, but the trivial exploitability and WordPress plugin ecosystem make opportunistic mass-scanning likely.
The SpeakOut!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unauthenticated SQL injection in the SpeakOut! Email Petitions WordPress plugin (versions ≤ 4.6.5) allows remote attackers to inject arbitrary SQL into backend database queries without credentials or user interaction. Reported by Patchstack and tracked as EUVD-2026-36960, the flaw carries a CVSS 3.1 score of 9.3 driven by a changed scope and network-reachable attack surface. No public exploit identified at time of analysis, but the trivial exploitability and WordPress plugin ecosystem make opportunistic mass-scanning likely.
The SpeakOut!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.